Email phishing, despite being an old hacking method, is still a very lucrative option for many cyber criminals. This time focus is on HMRC with many targeted through an email phishing campaign with the intent to steal users’ logins and payment card details.

New HMRC Email Phishing Tricks Users For Tax Refunds

Researchers at Malwarebytes Labs have uncovered an old phishing trick being exploited in the wild once again. The attackers make use of HMRC email phishing attacks to pilfer email login details and payment data of the users.

The attackers seemingly bait the users by offering tax refunds. To put some pressure on the recipients, they further provide deadlines in their emails for the users to claim said refunds. The emails claim to be from the UKGOV tax office. These emails offer a refund of GBP 542.94 to be sent directly into the customers’ accounts.

How Does It Work

Since only the researchers at Malwarebytes Labs received such an email, they explained about this new HMRC phishing attack in detail. Reportedly, the scam begins by asking the recipient to click on a given link to the “gateway portal”. Upon clicking the link, the user reaches a new page that appears like Microsoft Outlook. Here, the user will supposedly enter their email and password to the login portal. From this point, the attackers gain access to the email login credentials.

Afterward, the user reaches a fake HMRC portal that displays a form. A tricked user would unknowingly begin entering all the details as asked, thus falling a prey to the hackers. The details asked at this stage include users’ name, contact address, contact number, date of birth, mother’s maiden name (a common secret question for most accounts), and card details.

The reason why phishing is still so successful is that most users tend to be more trusting when receiving emails. As in this case, the attackers offer tax refund a typical issue one would come across every few years.

To stay protected from such attacks, make sure you double check the sender’s address before opening emails, additionally avoid following direct links and log in to a website directly.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Related

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]